UK ISP TalkTalk Breach Could Compromise 4 Million Users
British broadband provider TalkTalk has been at the receiving end of a “significant and sustained cyber-attack,” according to the company’s website, in a breach that could leave up to 4 million customers’ details compromised.
TalkTalk, one of the biggest telecommunications companies in Britain, has revealed that it was the target of a cyber-attack in which personal and financial details of customers may have been accessed.
In a statement addressing the incident, the managing director of TalkTalk, Tristia Harrison, said:
We are very sorry to tell you that yesterday a criminal investigation was launched by the Metropolitan Police Cyber Crime Unit following a significant and sustained cyber attack on our website on Wednesday 21st October.
The breach marks the third cyberattack-related incident suffered by TalkTalk in the past 12 months alone.
While investigations are currently underway, the list of customers’ compromised data includes:
- Dates of birth
- Email addresses
- Telephone and mobile contact numbers
- TalkTalk account details and, significantly,
- Payment card details and bank details.
Dido Harding, CEO of TalkTalk, spoke to the BBC, noting that while it is still too early to know how much data was stolen, the company has already started reaching out to customers to inform them of the breach.
Potentially it could affect all of our customers [4 million users], which is why we are contacting them all by email and we will also write to them as well.
Since the attack, the TalkTalk website is now secure and none of the company’s services, which include broadband, mobile, TV and telephony, have been affected, contends Harding.
Staggeringly, Harding added that customer data may not have been encrypted.
'I can't confirm that the data has been encrypted' – Dido Harding, chief executive of #TalkTalk on cyber attack.
— BBC Radio 4 Today (@BBCr4today) October 23, 2015
An Act of Cyberterrorism?
A cybersecurity expert speaking to BBC Radio finds reason to believe that the hackers behind the breach may be a group of radical militants.
Adrian Culley, a former detective at Scotland Yard’s cybercrime unit, said:
“It appears at face value to be Islamic cyberterrorism.”
The claim came after a Pastebin message, posted by a hacking group referring to themselves as the “TalkTalk Hackers,” was found to contain a dozen email addresses and national security numbers of customers.
The Pastebin dump contained details from multiple records of data purporting to be from the TalkTalk breach along with a message that read:
“We will teach our children to use the web for Allah … your hands will be covered in blood … judgement day is soon.”
Even conservatively, it isn’t a stretch to note that the breach is among the most damaging cyber-attacks to hit a British company. TalkTalk shares fell 7 percent during the company website’s outage on Wednesday and fell a further 8.5 percent Friday morning to drop to a two-year low of USD $3.67. The TalkTalk broadband still remains down.